This appendix lists the TCP and UDP ports used by Oracle Audit Vault and Database Firewall.
The following two classes of ports must be open in external network firewalls for these Database Firewall deployments:

- When a Database Firewall is configured to protect a Secured Target database, traffic directed to that database must be able to pass through external network firewalls to the Database Firewall. The required ports are configured on the Secured Target's page in the Audit Vault Server (see Oracle Audit Vault and Database Firewall Administrator's Guide).
- A Database Firewall can be configured to accept proxy connections, which are passed on to the database. The ports required for the proxy connection are configured on the Network Configuration page of the Database Firewall (see Oracle Audit Vault and Database Firewall Administrator's Guide).
We recommend that you do not change these ports.
Table D-1 lists ports for services provided by the Audit Vault Server. These services are used by outside users of the system, and access to most of them can be controlled within the AVDF system. If external network firewalls are used, these ports must be open to allow connections from the users (clients) of these services to the Audit Vault Server(s).
Table D-1 Ports for Services Provided by Audit Vault Server
| Port | Protocol Family | Protocol | Purpose | Notes |
|---|---|---|---|---|
| 22 | TCP | SSH | Command line access to system | Disabled by default |
| 161 | UDP | SNMP | SNMP access | Disabled by default |
| 443 | TCP | HTTPS | Administration Console (web interface) | |
| 1521, 1522 | TCP | Oracle Database | Access for Audit Vault agents, and access to Oracle Database for reporting | |
Table D-2 lists ports for general services provided by the Database Firewall. These services are used by outside users of the system, and access to all of them can be controlled within the AVDF system. If external network firewalls are used, these ports must be open to allow connections from the users (clients) of these services to the Database Firewall(s) in the AVDF system.
Table D-2 Ports for Services Provided by Database Firewall
| Port | Protocol Family | Protocol | Purpose | Notes |
|---|---|---|---|---|
| 22 | TCP | SSH | Command line access to system | Disabled by default |
| 161 | UDP | SNMP | SNMP access | Disabled by default |
| 443 | TCP | HTTPS | Administration Console (web interface) | |
| 2050 - 5100 | TCP | AVDF Internal Protocol | Incoming traffic captured from Host Monitor | |
| 2050 - 5100 | TCP | Syslog | Incoming WAF (F5) violation alerts | The exact port number used by an enforcement point can be found in the Advanced settings page of the enforcement point. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
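A defender-side check that treats Table D-1 and Table D-2 as an allow-list, added here as an example and not Oracle's code: it parses constructed `ss -Hltnu`-style output from a host, reports listeners the tables do not document, and flags the default-disabled services (SSH, SNMP) when they are nonetheless listening. The role names and the `ss` column layout are assumptions.

```python
"""Check a host's listening sockets against Table D-1 / D-2 of this appendix.
Added example, not Oracle's code; the ss-style lines below are constructed."""
import re

# (proto, low_port, high_port, service, enabled_by_default), one tuple per table row
EXPECTED = {
    "audit_vault_server": [
        ("tcp", 22, 22, "SSH", False),
        ("udp", 161, 161, "SNMP", False),
        ("tcp", 443, 443, "HTTPS", True),
        ("tcp", 1521, 1522, "Oracle Database", True),
    ],
    "database_firewall": [
        ("tcp", 22, 22, "SSH", False),
        ("udp", 161, 161, "SNMP", False),
        ("tcp", 443, 443, "HTTPS", True),
        ("tcp", 2050, 5100, "AVDF Internal Protocol / Syslog (WAF)", True),
    ],
}
# Matches `ss -Hltnu` rows: Netid State Recv-Q Send-Q Local:Port Peer:Port (assumed layout)
SS_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S*:(\d+)\s")

def parse_listeners(ss_output):
    """Return the set of (proto, port) listeners found in ss-style output."""
    found = set()
    for line in ss_output.splitlines():
        m = SS_LINE.match(line.strip())
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def audit_listeners(role, ss_output):
    """Bucket listeners: documented and on by default, documented but disabled by default, or undocumented."""
    report = {"expected": set(), "default_disabled_active": set(), "unexpected": set()}
    for proto, port in parse_listeners(ss_output):
        row = next((r for r in EXPECTED[role]
                    if r[0] == proto and r[1] <= port <= r[2]), None)
        if row is None:
            report["unexpected"].add((proto, port))       # not in the table: investigate
        elif row[4]:
            report["expected"].add((proto, port, row[3]))
        else:
            report["default_disabled_active"].add((proto, port, row[3]))  # e.g. SSH/SNMP turned on
    return report

# Constructed sample of what `ss -Hltnu` might print on an Audit Vault Server
SAMPLE_SS = ("tcp   LISTEN 0 128 0.0.0.0:443  0.0.0.0:*\n"
             "tcp   LISTEN 0 128 0.0.0.0:22   0.0.0.0:*\n"
             "tcp   LISTEN 0 128 0.0.0.0:1521 0.0.0.0:*\n"
             "tcp   LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*\n"
             "udp   UNCONN 0 0   0.0.0.0:161  0.0.0.0:*\n")
```

Run `audit_listeners("audit_vault_server", SAMPLE_SS)` to see 8080 reported as unexpected and 22/161 as default-disabled services that are active.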
Table D-3 lists ports for external services that may be used by the Audit Vault Server. If external network firewalls are used, the relevant ports must be open so that the Audit Vault Server can use these services as a client.
Table D-3 Ports for External Network Access by the Audit Vault Server
| Port | Protocol Family | Protocol | Purpose | Notes |
|---|---|---|---|---|
| 25 | TCP | SMTP | Email delivery | |
| 53 | UDP | DNS | Domain name service | |
| 123 | UDP and TCP | NTP | Time synchronization | |
| 514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 514 | UDP, or configured as TCP | Proprietary ArcSight protocol over syslog transport | Alerts | For TCP-transport connections to ArcSight server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 3260 | TCP | Software iSCSI | SAN server communication | This port can be configured in the Audit Vault Server console when registering a SAN server. See "Registering a SAN Server". |
Table D-4 lists ports for external services that may be used by the Database Firewall. If external network firewalls are used, the relevant ports must be open so that the Database Firewall can use these services as a client.
Table D-4 Ports for External Network Access by the Database Firewall
| Port | Protocol Family | Protocol | Purpose | Notes |
|---|---|---|---|---|
| 53 | UDP | DNS | Domain name service | |
| 123 | UDP and TCP | NTP | Time synchronization | |
| 514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 514 | TCP | WAF (F5) alerts | WAF (F5) alerts | The port can be changed from the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
Table D-5 lists ports for services that are used between the Database Firewall and the Audit Vault Server. If an external network firewall is placed between these systems, then the relevant ports must be opened.